Whilst doing some research for a client on some of the social media pitfalls for businesses both public and private – not being able to maintain control over info, malware, brand hijacking, etc., etc. – it became obvious that while social media is by and large an effective business tool, there are some red flags to watch out for.
A 2010 study by the Center for New Communications Research reported that 83 percent of Inc. 500 companies use various social media tools; the companies indicated that having these additional communications lines to customers has been advantageous.
To mitigate social media risks, some companies have instituted comprehensive policies that encompass ethics, legal responsibilities, education and training. DuPont, for instance, created what they call the DuPont Web Based Social Networking and Digital Media Policy.
According to Matt McGonegle, DuPont’s ethics and compliance manager, the Policy “addresses internal social networks, external social networks, codes of conduct and guidelines.” McGonegle added that DuPont also has a ‘Social Network Steering Committee’ that reviews/approves the creation and use of all social networks to ensure adherence to issued guidelines/standards.
“Education and training is equally important and DuPont is establishing a social media training program that will educate employees on the risks of social media, best practices for using social media and DuPont’s policies,” McGonegle said.
All of the aforementioned is critical for any company utilizing social media. Last year, ISACA (previously known as the Information Systems Audit and Control Association, a 43-year old international organization that researches IT governance/control), issued a white paper that highlighted the top five social media risks for businesses – viruses/malware; brand hijacking; lack of control over content; unrealistic customer expectations of ‘Internet speed’ service; and non-compliance with record management regulations.
“The greatest risks posed by social media are all tied to violation of trust,” said ISACA Certification Committee member John Pironti. “Social media is built on the assumption of a network of trusted friends and colleagues, which is exploited by social engineering at great cost. That is why ongoing education is critical.”
And just over a month ago, Symantec Corp. issued its 2011 Social Media Protection Flash Poll that took a close peek at how organizations protect themselves from potential negative consequences of using various social networking sites. The poll showed that there is cause for concern within the enterprise – a typical enterprise experienced nine social media incidents, with an astonishing “94 percent suffering negative consequences including damage to their reputations, loss of customer trust, data loss and lost revenue.”
In fact, Symantec reported that the top three social media incidents a typical enterprise encountered over the past year were: employees sharing too much info in public forums (46 percent); loss or exposure of confidential information (41 percent); increased exposure to litigation (37 percent).
Even more recently, Forrester Research issued a report on Aug. 16, ‘Resources: The Real Cost of Social Media Marketing.’ The report stated that sharing the right social media resources is the biggest challenge today. Interactive marketers, noted Forrester, need to be shepherds, coordinating the sharing of people, technologies, processes and budgets.
Forrester recommended a three-pronged social media approach: 1) Help build a social organization for marketing; 2) Put guidelines in place to empower teams; and 3) Create new cross-team processes.
Whatever the methodology or process your business implements, you need to do something to protect the company information flowing through social networks.
ISACA’s Pironti best summed it up:
“I think that the blinders have been on at a lot of enterprises. ISACA isn’t warning companies not to fully embrace social networking – they just need to go into it with their eyes wide open to the risks as well as the benefits.”